.TH gtlsshd 8 01/02/19  "Server for shell over TLS"

.SH NAME
gtlsshd \- Server for shell over TLS

.SH SYNOPSIS
.B gtlsshd [options]

.SH DESCRIPTION
The
.BR gtlsshd
program receives connections from gtlssh, authenticates the
connections, and connects them to a shell or a program as requested.

.BR gtlsshd
will listen on both SCTP and TCP sockets unless told otherwise.

.BR gtlsshd
uses openssl public key certificate authentication both
directions.  When something connections, it uses standard SSL handling
to validate itself to the user with the given key and certificate
files.

On SSL does its job, it then runs an authentication protocol for the
user on top of the SSL connection.  The user sends the username, and
gtlsshd will use the $HOME/.gtlssh/allowed_certs directory to
authenticate a certificate the user presents.  If the user doesn't
have a certificate that matches the presented certificate,
.BR gtlsshd
will attempt a normal password login if that is enabled.

.SH OPTIONS
.TP
.I \-p|\-\-port port
Use the given port instead of the default port.
.TP
.I \-h|\-\-keyfile file
Use the given file for the key instead of the default.  Defaults to
/etc/gtlssh/gtlsshd.key.
.TP
.I \-c|\-\-certfile file
Set the certificate to use.  Defaults to /etc/gtlssh/gtlsshd.crt.
.TP
.I \-\-permit-root
Allow root logins.  Otherwise root or uid=0 is denied.
.TP
.I \-\-allow-password
Allow password logins.  By default only certificate-based logins
are allowed.  Passwords are much less secure than certificate
logins, so their use is discouraged.
.TP
.I \-\-oneshot
Do not fork the program at the beginning or when a connection is
received.  This allows easier debugging of the program.
.TP
.I \-\-nodaemon
Do not daemonize (double fork) the program.
.TP
.I \-\-nosctp
Disable SCTP support.
.TP
.I \-\-notcp
Disable TCP support
.TP
.I \-\-other_acc <accepter>
Enable the given accepter to receive connections for gtlsshd.  This
does not disable TCP or SCTP.
.TP
.I \-P|\-\-pidfile file
Create a standard pidfile using the given filename.
.TP
.TP
.I \-4
Do IPv4 only.
.TP
.I \-6
Do IPv6 only.
.I \-d|\-\-debug
Generate debugging output.  Specifying more than once increases the output.
This also causes syslog output to go to standard error.
.TP
.I \-h|\-\-help
Help output

.SH "SEE ALSO"
gensio(5), gtlssh(1), gtlssh-keygen(1)

.SH "KNOWN PROBLEMS"
None.

.SH AUTHOR
.PP
Corey Minyard <minyard@acm.org>
